Corporate VPNs Don't Work Anymore
By Frances Dewing, CEO Rubica Cybersecurity
Twenty years ago, corporate VPNs stopped all but the most determined professional hackers. Today, malware is no longer real-time; it is comfortable waiting for a device to connect to a juicy network target. It can listen for telltale heartbeats from available servers and strike quietly, just when a burst of traffic renders the monitoring system less aware.
Hackers are targeting remote workers using corporate VPNs
Most protection intended to stand between client and servers simply can't withstand a well-timed, narrow-focus attack committed by an authorized client. The New York Times said that corporate attacks now originate primarily through authorized, personal, mobile devices that bring infection right through the VPN tunnel.
This means corporate VPNs are more of a liability than security. Cybercriminals are using the corporate VPN to identify which employees belong to a certain company. They wait until people turn off the VPN, get infected while web-browsing, then reconnect to the VPN and bring their infected device into the corporate ecosystem.
Get unlimited access to:
Enter your credentials below to log in. Not yet a member of MSPinsights? Subscribe today.